Software Security
2011-2012 - IMT3501 - 10 ECTS

On the basis of

  • IMT1082 - Object-Oriented Programming
  • IMT1121 - Introduction to Information Security
  • IMT2021 - Algorithmic Methods
  • IMT2282 - Operating Systems
  • IMT2431 - Data Communication and Network Security

Expected learning outcomes

After successful completion of the course the students have basic knowledge of how software can be created and maintained with security in mind, i.e. with regard to deviation from expected functionality owing to interaction with an adversary. The students have an overview of existing techniques, classes of tools and the methods used in software development today. Students can apply their knowledge to problem cases in an industrial or research setting. They understand attack patterns, e.g. buffer overflows, format string problems, command injection, and cross-site scripting. They are able to identify potential threats and vulnerabilities early in a program's lifecycle and apply measures that prevent or reduce vulnerabilities in software. The students succeed in presenting their analyses and approaches to other developers, superiors and customers.

Topic(s)

  • Software Assurance
  • Risk Analysis & Management
  • Secure Software Development Cycle
  • Coding Practices and Rules
  • Source Code Analysis
  • Security Testing
  • Attack Patterns
  • Malware

Teaching Methods

Lectures
Group work
Laboratory work
Mandatory assignments
Exercises
PBL (Problem Based Learning)
Tutoring

Form(s) of Assessment

Written exam, 3 hours

Grading Scale

Alphabetical Scale, A (best) – F (fail)

External/internal examiner

Evaluation by the lecturer

Re-sit examination

Ordinary re-sit examination

Examination support

All self-produced paper-based support is allowed up to four A4 sheets. The school can request that the sheets be copied on paper provided by the school.

Coursework Requirements

At least 6 obligatory exercises must be handed in. Hand-ins are marked by other students. Participants must mark as many exercises as they have handed in. If an exercise does not get a passing grade, the student can request that his exercise be marked by the lecturer.

Teaching Materials

  • Dowd, M., McDonald, J., and Schuh, J. (2006). The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities. ISBN 0-321-44442-6. Library 005.8 Dow
  • Hoglund, G. and McGraw, G. (2004). Exploiting Software: How to Break Code. ISBN 0-201-78695-8. Library 005.8 Hog
  • McGraw, G. (2006). Software Security: Building Security in. ISBN 0-321-35670-5. Library 005.8 McG

Replacement course for

IMT3381 Application Security, IMT3571 Computer System Security